Error checking in ioctl(2)?

Garrett Cooper yanefbsd at gmail.com
Fri Apr 23 01:01:20 UTC 2010


On Thu, Apr 22, 2010 at 5:51 PM, Xin LI <delphij at delphij.net> wrote:
> On 2010/04/22 17:45, Garrett Cooper wrote:
>> On Thu, Apr 22, 2010 at 4:36 PM, Matthew Fleming
>> <matthew.fleming at isilon.com> wrote:
>>>> Hi hackers,
>>>>     I realize that this isn't 100% userland code, so the checks should
>>>> be minimalized, but when looking at the ioctl(2) syscall code (at
>>>> least I think it is... there's another dupe hanging around in
>>>> sys/dev/hptmv/ioctl.c), I had some questions related to the error
>>>> handling not being done in the code:
>>>>
>>>>         if (size > 0) {
>>>>                 if (com & IOC_VOID) {
>>>>                         /* Integer argument. */
>>>>                         arg = (intptr_t)uap->data;
>>>>                         data = (void *)&arg;
>>>>                         size = 0;
>>>>                 } else
>>>>                         data = malloc((u_long)size, M_IOCTLOPS,
>>>> M_WAITOK); /* XXX: can fail -- do we care? */
>>>
>>> malloc(9) with M_WAITOK cannot return NULL.  So the rest of your XXX
>>> comments are not at issue.
>>>
>>> Also, free(9) is documented to do the right thing when asked to
>>> free(NULL).
>>>
>>> copyin/copyout are really just bcopy but unlike most kernel code they
>>> are allowed to take a page fault.  They deal with this by setting a
>>> function pointer in PCB_ONFAULT, which is used in trap() to set a return
>>> instruction pointer.
>>
>> Matt,
>>     Awesome. I can see I need to do a bit more reading in malloc(3) :)...
>> Thanks for the info!
>
> It's actually malloc(9)...  I personally feel it is pretty confusing at
> the beginning when I learned about it.

    Yeah... that makes more sense. It'd be kind of stupid to go
through the libc shim to get to kernel memory management.
Thanks for the correction :},
-Garrett
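Added example, not code from this thread or from FreeBSD: a user-space model of the argument-marshalling step the quoted snippet belongs to, so the paths discussed above (the IOC_VOID integer argument, the malloc'd buffer, and a copyin fault) can be stepped through outside the kernel. The IOC_* encoding follows sys/ioccom.h as I recall it, the EINVAL sanity checks are my assumption about what precedes the snippet, and copyin_sim, copyout_sim and dev_handler are stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Command encoding modelled on FreeBSD's sys/ioccom.h (values assumed here):
 * direction flags in the top bits, argument size in bits 16..28. */
#define IOCPARM_MASK   0x1fff
#define IOCPARM_LEN(x) (((x) >> 16) & IOCPARM_MASK)
#define IOC_VOID 0x20000000UL
#define IOC_OUT  0x40000000UL
#define IOC_IN   0x80000000UL
#define _IOC(inout, g, n, len) \
    ((inout) | ((unsigned long)((len) & IOCPARM_MASK) << 16) | ((g) << 8) | (n))
/* copyin(9)/copyout(9) stand-ins; a NULL user pointer plays an unmapped page. */
static int copyin_sim(const void *u, void *k, size_t n)
{ if (!n) return 0; if (!u) return EFAULT; memcpy(k, u, n); return 0; }
static int copyout_sim(const void *k, void *u, size_t n)
{ if (!n) return 0; if (!u) return EFAULT; memcpy(u, k, n); return 0; }
/* Hypothetical device handler: doubles the int it is handed. */
static int dev_handler(void *data) { *(int *)data *= 2; return 0; }
/* Model of the argument-marshalling step the quoted snippet belongs to. */
int ioctl_model(unsigned long com, void *udata)
{
    size_t size = IOCPARM_LEN(com);
    intptr_t arg; void *data; int error;
    /* Reject malformed commands before anything is allocated (assumed). */
    if ((com & (IOC_VOID | IOC_IN | IOC_OUT)) == 0 ||
        ((com & (IOC_IN | IOC_OUT)) && size == 0) ||
        ((com & IOC_VOID) && size > 0 && size != sizeof(int)))
        return EINVAL;
    if (size > 0 && !(com & IOC_VOID)) {
        data = malloc(size);        /* M_WAITOK in the kernel: never NULL */
    } else {                        /* integer argument passed by value */
        arg = (intptr_t)udata; data = &arg; size = 0;
    }
    if ((com & IOC_IN) && (error = copyin_sim(udata, data, size)) != 0) {
        if (size > 0) free(data);   /* copyin faulted: release and bail */
        return error;
    }
    error = dev_handler(data);
    if (!error && (com & IOC_OUT)) error = copyout_sim(data, udata, size);
    if (size > 0) free(data);
    return error;
}
/* IOC_IN|IOC_OUT round trip: returns the value copied back or -errno. */
int round_trip(int v)
{
    int error = ioctl_model(_IOC(IOC_IN | IOC_OUT, 'T', 1, sizeof(int)), &v);
    return error ? -error : v;
}
```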

